Re: help understanding ikectl error messages

2018-01-15 Thread Andreas Thulin 
Thanks Stuart for replies! I can confirm that I could proceed without
issues on 6.2-current. :-)

BR, Andreas
mån 15 jan. 2018 kl. 10:31 skrev Stuart Henderson :

> On 2018/01/15 06:35, Andreas Thulin wrote:
> > Sorry, my bad!
> >
> > 6.2-stable. And after sending my e-mail, I found a post about this
> issue, that ended up in
> > ikeca.c (?) having been patched on 8 November last year to resolve the
> same issue, I believe. I
> > have installed 6.2-current on another machine to figure out if that
> solves the problem.
> >
> > BR, Andreas
>
> Thanks - -current should fix this. (I did think that it had been fixed
> before 6.2 which is why I asked about the version, but yes it looks like
> this one wasn't fixed until 8 Nov).
>
>

Re: help understanding ikectl error messages

2018-01-15 Thread Stuart Henderson 
On 2018/01/15 06:35, Andreas Thulin wrote:
> Sorry, my bad!
> 
> 6.2-stable. And after sending my e-mail, I found a post about this issue, 
> that ended up in
> ikeca.c (?) having been patched on 8 November last year to resolve the same 
> issue, I believe. I
> have installed 6.2-current on another machine to figure out if that solves 
> the problem.
> 
> BR, Andreas

Thanks - -current should fix this. (I did think that it had been fixed
before 6.2 which is why I asked about the version, but yes it looks like
this one wasn't fixed until 8 Nov).

Re: help understanding ikectl error messages

2018-01-14 Thread Andreas Thulin 
Sorry, my bad!

6.2-stable. And after sending my e-mail, I found a post about this issue,
that ended up in ikeca.c (?) having been patched on 8 November last year to
resolve the same issue, I believe. I have installed 6.2-current on another
machine to figure out if that solves the problem.

BR, Andreas
sön 14 jan. 2018 kl. 23:03 skrev Stuart Henderson :

> On 2018-01-09, Andreas Thulin  wrote:
> > Hi!
> >
> > Following the example on https://man.openbsd.org/ikectl, I
> >
> > # ikectl ca test create
> > ...and then
> > # ikectl ca test certificate sub.domain.com create
> > ...filled out "the form", but after that...
> > Using configuration from /etc/ssl/test/sub.domain.com-ssl.cnf
> > Check that the request matches the signature
> > Signature ok
> > The Subject's Distinguished Name is as follows
> > countryName   :PRINTABLE:'SE'
> > organizationName  :ASN.1 12:'cppm'
> > commonName:ASN.1 12:'sub.domain.com'
> > emailAddress  :IA5STRING:'webmas...@domain.com'
> > ERROR: adding extensions in section x509v3_FQDN
> > 2198743120:error:22FFF06D:X509 V3 routines:func(4095):invalid null
> > value:/usr/src/lib/libcrypto/x509v3/v3_utl.c:355:
> > 2198743120:error:22FFF069:X509 V3 routines:func(4095):invalid extension
> >
> string:/usr/src/lib/libcrypto/x509v3/v3_conf.c:143:name=subjectAltName,section=DNS:
> > 2198743120:error:22FFF080:X509 V3 routines:func(4095):error in
> > extension:/usr/src/lib/libcrypto/x509v3/v3_conf.c:96:name=subjectAltName,
> > value=DNS:
> >
> > I'm probably doing something stupid, so if anyone can point me in the
> right
> > direction, that would be highly appreciated.
> >
> > BR
> > Andreas
> >
>
> Which version are you running? (See "Include important information"
> on http://www.openbsd.org/mail.html).
>
>
>

Re: help understanding ikectl error messages

2018-01-14 Thread Stuart Henderson 
On 2018-01-09, Andreas Thulin  wrote:
> Hi!
>
> Following the example on https://man.openbsd.org/ikectl, I
>
> # ikectl ca test create
> ...and then
> # ikectl ca test certificate sub.domain.com create
> ...filled out "the form", but after that...
> Using configuration from /etc/ssl/test/sub.domain.com-ssl.cnf
> Check that the request matches the signature
> Signature ok
> The Subject's Distinguished Name is as follows
> countryName   :PRINTABLE:'SE'
> organizationName  :ASN.1 12:'cppm'
> commonName:ASN.1 12:'sub.domain.com'
> emailAddress  :IA5STRING:'webmas...@domain.com'
> ERROR: adding extensions in section x509v3_FQDN
> 2198743120:error:22FFF06D:X509 V3 routines:func(4095):invalid null
> value:/usr/src/lib/libcrypto/x509v3/v3_utl.c:355:
> 2198743120:error:22FFF069:X509 V3 routines:func(4095):invalid extension
> string:/usr/src/lib/libcrypto/x509v3/v3_conf.c:143:name=subjectAltName,section=DNS:
> 2198743120:error:22FFF080:X509 V3 routines:func(4095):error in
> extension:/usr/src/lib/libcrypto/x509v3/v3_conf.c:96:name=subjectAltName,
> value=DNS:
>
> I'm probably doing something stupid, so if anyone can point me in the right
> direction, that would be highly appreciated.
>
> BR
> Andreas
>

Which version are you running? (See "Include important information"
on http://www.openbsd.org/mail.html).

help understanding ikectl error messages

2018-01-09 Thread Andreas Thulin 
Hi!

Following the example on https://man.openbsd.org/ikectl, I

# ikectl ca test create
...and then
# ikectl ca test certificate sub.domain.com create
...filled out "the form", but after that...
Using configuration from /etc/ssl/test/sub.domain.com-ssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName   :PRINTABLE:'SE'
organizationName  :ASN.1 12:'cppm'
commonName:ASN.1 12:'sub.domain.com'
emailAddress  :IA5STRING:'webmas...@domain.com'
ERROR: adding extensions in section x509v3_FQDN
2198743120:error:22FFF06D:X509 V3 routines:func(4095):invalid null
value:/usr/src/lib/libcrypto/x509v3/v3_utl.c:355:
2198743120:error:22FFF069:X509 V3 routines:func(4095):invalid extension
string:/usr/src/lib/libcrypto/x509v3/v3_conf.c:143:name=subjectAltName,section=DNS:
2198743120:error:22FFF080:X509 V3 routines:func(4095):error in
extension:/usr/src/lib/libcrypto/x509v3/v3_conf.c:96:name=subjectAltName,
value=DNS:

I'm probably doing something stupid, so if anyone can point me in the right
direction, that would be highly appreciated.

BR
Andreas